Privacy alert: Twitter disclosed email addresses when people sent DMs (UPDATED): Via CFP 2009 Blog.

UPDATE, 3 p.m. Pacific time: Twitter appears to have fixed the bug, and DMs from before June 11 do not appear to be affected. But anybody you sent a DM to between June 11 and June 18 now has the email address you’re using on your Twitter account.

FYI - when you send a DM, the receiver CAN SEE YOUR EMAIL ADDRESS from the DM sent via email. BE AWARE!!! @twitter #security #fail

– ChicagoBungalow about 18 hours ago on Twitter

For those who aren’t on Twitter, a DM is a “direct message”, twitterspeak for a private message between two people. When you receive a DM, Twitter notifies you via email. And sure enough, just as ChicagoBungalow said, if I send you a DM, if you look at the email header information, you’ll see that the “Sender” field has an address like

twitter-dm-jon_pincus=yahoo.com@postmaster.twitter.com

This field is hidden by default — in gmail, you need to select “Show original” to see it — but once you find it, it doesn’t take a rocket scientist to figure out what yahoo.com account name I used to sign up on Twitter.

If I want somebody to have my email address, I’ll send it to them. I don’t want Twitter giving it out for me. And most especially, I don’t want Twitter doing it behind my back.

jon

PS: I updated this post several times to clarify the description; thanks to all for the feedback, and @NiteStar for the gmail instructions.

Read Original Article:(Via CFP 2009 Blog .)